Which ASCII Characters Does urlEncodedFormat() Escape In ColdFusion

urlEncodedFormat() is one of those functions that I've been using forever; but, when I stop and think about it, I'm not 100% sure what it actually does. I mean, I know that it prepares a value to be used in a URL; but I don't think I've ever actually read the documentation on it. And, I've definitely never experimented with it. As such, I thought I would do a little "note to self" blog post and see what actually happens when I apply urlEncodedFormat() to individual characters.

This experiment is simple - loop over each character, apply urlEncodedFormat(), and see if the resultant value is different. If so, it means that urlEncodedFormat() encoded the value.

<cfscript>

// NOTE: Only going between 32 and 126 because urlEncodedFormat() appears to

// encode all control characters as well as anything above 127 (inclusive).

for ( i = 32 ; i <= 126 ; i++ ) {

charValue = chr( i );

escapedValue = urlEncodedFormat( charValue, "utf-8" );

// If the two values don't match, it means that urlEncodedFormat() is

// escapeing the value.

if ( compare( charValue, escapedValue ) ) {

writeOutput( "#i# ... #charValue# ... #escapedValue#<br />" );

}

}

</cfscript>

I'm only looping from 32 to 126 because urlEncodedFormat() seems to encode all control characters (most of which are 0-31) and all characters on or above 127. So, for the sake of the demo, I've limited it to the area of the basic ASCII set where things are interesting.

As you can see, urlEncodedFormat() escaped every non-alpha-numeric character. Which is, ironically, exactly what the documentation says:

Generates a URL-encoded string. For example, it replaces spaces with %20, and non-alphanumeric characters with equivalent hexadecimal escape sequences. Passes arbitrary strings within a URL (ColdFusion automatically decodes URL parameters that are passed to a page).

There's an extensive character comparison of old vs. new HTML, XML, URL and JS encoders here:

http://damonmiller.github.io/esapi4cf/tutorials/Encoding.html

Reply to this Comment

Post A Comment

You — Get Out Of My Dreams, Get Into My Comments

Live in the Now

Oops!

Name:

Email:

( I keep this private )

Website:

Comment:

Subscribe to comments.

Comment Etiquette: Please do not post spam. Please keep the comments on-topic. Please
do not post unrelated questions or
large chunks of code. And, above all, please be nice to each other - we're trying to
have a good conversation here.

I am the co-founder and lead engineer at InVision App, Inc — the world's leading prototyping,
collaboration & workflow platform. I also rock out in JavaScript and ColdFusion 24x7 and I dream about
promise resolving asynchronously.